Chetan Mehrotra created SLING-2623: -------------------------------------- Summary: Simplifying usage of JAAS based authentication with Repository in OSGi Key: SLING-2623 URL: https://issues.apache.org/jira/browse/SLING-2623 Project: Sling Issue Type: New Feature Components: JCR Reporter: Chetan Mehrotra
Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2] 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :) Feature Details =========== A - New org.apache.sling.jcr.jackrabbit.base bundle ------------ A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1] * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders B - Changes in Jackrabbit Server bundle ------------ The Jackrabbit server bundle has been modified to make use of the new features * Repository config is modified to ** Use the DelegatingLoginModule ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages C - Changes in Form authentication bundle ------------ The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4] "Changes in Sling" section of [1] provides more details on the changes done [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling [2] https://issues.apache.org/jira/browse/FELIX-3705 [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira